goto fail: Apple’s SSL/TLS bug – Update your devices now

This is an ugly one as Adam Langley over at describes:

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now.

You can check if your browser is vulnerable over at

Currently there are updates for iOS 7 – in form of iOS 7.0.6 – and iOS 6 – iOS 6.1.6. Both are available as OTA updates now. Apple even updated Apple TV to take care of that bug. The description of the bug is rather short though.

Google Chrome for iOS or OS X isn’t vulnerable. Safari for OS X 10.9+ (even the most recent 10.9.2 build) and iOS is – unless you update to iOS 7.0.6. It’s likely that Apple will provide an update for OS X and the beta builds in the (very) near future.

Do yourself a favor and update your iOS devices now.